The processors in smart phones and tablets leak radio signals that betray the encryption keys used to protect sensitive data.

At the RSA computer security conference last week, Gary Kenworthy of Cryptography Research held up an iPod Touch on stage and looked over to a TV antenna three meters away. The signal picked up by the antenna, routed through an amplifier and computer software, revealed the secret key being used by an app running on the device to encrypt data. An attacker with access to this key could use it to perfectly impersonate the device he stole it from—to access e-mail on a company server, for example.

The antenna was detecting radio signals "leaking" from the transistors on the chip inside the phone performing the encryption calculations. Transistors leak those signals when they are active, so the pattern of signals from a chip provides an eavesdropper a representation of the work the chip is doing. ...

Looks like even the current hardware can be mitigated with software, but at a performance hit. Of course it would be worth the performance it not to have your apps for looking at your bank, credit cards, stocks, purchases, etc. openly available for picking through to get keys to do you financial or privacy damage, eh?

New mobile devices can be dealt with at the hardware level and save on the performance hit.

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

From how this is described, it could apply to regular PCs too, right? They use the same components.....

Probably the easiest way to prevent signal leakage would be to shield the CPU of these devices.

That, I think would be a relatively simple engineering change.

Adam

While I'm not an electronics engineer, and I didn't stay at a Holiday Inn Express last night, I would think that the steel or aluminum case of a desktop PC would, at least, shield or block these transmissions from the CPU's transistors.

Mac"Long ago, when men cursed and beat the ground with sticks, it was called witchcraft. Today it's called golf." -- Will Rogers (1879-1935)

How did the antenna pick up signals from the device? Well, smartphones and other devices contain radio transmitters to communicate with cell towers and Wi-fi base stations, but in this case, the signal was apparently leaking form the CPU itself.

This is because as the CPU performs an operation, it radiates at a particular frequency. These frequencies change depending on the operation of CPU, but it is fairly easy to build a system that can detect this RF radiation.

Cryptography Research for example reportedly built its detector using nothing more than a simple AM radio and some other electronics. This allowed it to analyse the peaks and troughs of the signal which correspond to the string of digital 1s and 0s that make up the encryption key.

“[This] antenna is not supposed to work at this frequency, and it’s been in someone’s attic for years and is a bit bent,” Kenworthy, a principal engineer at Cryptography Research told Technology Review. “You could build an antenna into the side of a van to increase your gain – well, now you’ve gone from 10 feet to 300 feet.”

I would imagine that the shielding on desktop computers and hopefully laptop computer's CPUs would shield from such leakage and consequently detecting and reading of the data.

But is there something else going on here? Or are we truly just talking about these mobile companies NOT shielding the RF from the CPUs? I wonder if compact plastic computers like Mac Mini, Raspberry Pi, Tablets, compact or mini PCs? Do they all have whatever hardware shielding would prevent this leakage?

I think more needs to be known about this? Especially with drones coming to America and likely not just from local, state and federal governments but corporations likely too, I bet? Hopefully this would be more a concern for the those with concerns for state secrets, etc. and not average citizens, but who knows...

No one here read Neal Stephenson's Cryptonomicon, huh? In one part of the book, they use a similar stray radiation sniffer to eavesdrop on another computer in an adjoining hotel room. It's not science fiction, folks. Ain't it great!

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

I would imagine that the shielding on desktop computers and hopefully laptop computer's CPUs would shield from such leakage and consequently detecting and reading of the data.

But is there something else going on here? Or are we truly just talking about these mobile companies NOT shielding the RF from the CPUs? I wonder if compact plastic computers like Mac Mini, Raspberry Pi, Tablets, compact or mini PCs? Do they all have whatever hardware shielding would prevent this leakage?

I think more needs to be known about this? Especially with drones coming to America and likely not just from local, state and federal governments but corporations likely too, I bet? Hopefully this would be more a concern for the those with concerns for state secrets, etc. and not average citizens, but who knows...

Yes, many computer cases feature shielding, though it is not specifically for preventing outsiders from "listening in." It probably has more to do with keeping outside interference out.

I don't think there is anything else going on here. I think this type of "listening" is very similar to using a microphone to record the sound of someone typing on a keyboard. In other words, this is very specific.

To put it simply, is someone going to be able to drive by your house with an antenna and be able to distinguish what you are doing on the computer? Probably not. Did you see the antenna in the article picture? It was a very focused yagi array, meaning that this is not something you could pick up with a car antenna for example.

There are so many digital devices out there- even in our TVs!- that it would be very difficult (in my semi-educated opinion) to pick out a single processor and be able to discern what it was doing. I also bet that you would have to know what frequency (clock speed) the processor was running at in order to be able to really lock on.

I guess an elaborate scheme could be construed..... someone hacks your computer knowing its physical location, figures out your cpu, and gets a nice high gain antenna, points it at the computer's specific location, and tries to figure out what you are doing. Is this practical for the average hacker or script kiddie? Not really. It would have to be a highly targeted attack.

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

These two functions are vital to the proper operation of the cell network.

The GPS you refer to is not a true GPS fix unless the phone has an actual GPS receiver installed. Without the receiver, it uses triangulation of the cellular signals to provide approximate location.

This location information is what allows a 911 operator to know your location and be able to get emergency services to you as quickly as possible.

Pining the cellular towers constantly also allows the phone to know which tower to talk to, as well as the network would also know your location in order to properly route calls to you.

Adam

And also provides data to let the engineers know if any tower/cell area is having problems above normal. Nowadays the engineer is probably not even told till it hits a critical level and the network management software routes around the problem. The side effect benefits of being able to help locate lost people and criminals outweigh my BB concerns as long as warrants are still required.

Of all tyrannies, a tyranny sincerely exercised for the good of its victims may be the most oppressive. It would be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end for they do so with the approval of their own conscience. ~C. S. Lewis

And also provides data to let the engineers know if any tower/cell area is having problems above normal. Nowadays the engineer is probably not even told till it hits a critical level and the network management software routes around the problem.

The other way they will know is through user complaints. AT&T has made this process simple with the "Marks the Spot" app for their devices. I am not sure if it is available for Android or not, but the iOS version lets you describe a problem and submit it as a problem. I am not sure how effective it is, but the same could be said for calling a CS rep.